[Question] how to use x509 certificate manually without introducing cert-manager #292
Description
I'm new to this project and K8s, and I'd like to deploy my own etcd-operator in my K8s cluster.
I wonder that if I can use x509 certificate like kubeadm, for example:
[root@master manifests]# cat etcd.yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
kubeadm.kubernetes.io/etcd.advertise-client-urls: https://192.168.24.180:2379
creationTimestamp: null
labels:
component: etcd
tier: control-plane
name: etcd
namespace: kube-system
spec:
containers:
- command:
- etcd
- --advertise-client-urls=https://192.168.24.180:2379
- --cert-file=/etc/kubernetes/pki/etcd/server.crt
- --client-cert-auth=true
- --data-dir=/var/lib/etcd
- --experimental-initial-corrupt-check=true
- --experimental-watch-progress-notify-interval=5s
- --initial-advertise-peer-urls=https://192.168.24.180:2380
- --initial-cluster=master=https://192.168.24.180:2380
- --key-file=/etc/kubernetes/pki/etcd/server.key
- --listen-client-urls=https://127.0.0.1:2379,https://192.168.24.180:2379
- --listen-metrics-urls=http://127.0.0.1:2381
- --listen-peer-urls=https://192.168.24.180:2380
- --name=master
- --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
- --peer-client-cert-auth=true
- --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
- --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
- --snapshot-count=10000
- --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
above is etcd static pod yaml which is generated by kubeadm, and we can see that cert-file, key-file, peer-cert-file... are wrote the path of certificate file.
I see that aenix-io/etcd-operator supports cert-manager, but I'd like to try the above form of introducing certificates, what can I do? and where can I find the relavant documents? Thank you very much!